Google has entered the domain name resolution business, part of its ongoing effort to control just about everything you do on the net.
This morning, the Mountain View Chocolate Factory unveiled the free Google Public DNS, a service that lets you resolve net domain names through Google-controlled servers.
DNS - the Domain Name …

The product is you

"the fear is worse than the reality?"

Of course it is. People tend towards tinfoil hatting about anyone or anything they feel has more power or control than they do. Mild paranoia is quite natural, and usually quickly and easily tempered amongst most people by the simple fact that life experience will inform us that people who truly try to "take over the world" are fairly rare.

What many people fear Google “might be up to” is far more sinister than what Google actually is up to. That said, Google’s motives are plain, and they are not at all “pure and saintly.” Their motives are to maximize shareholder value. In order to do this they need to make oodles and oodles of money. Their business plan involves extracting that money from every corporation and government on the planet.

What then is Google selling? Why…you. You are the product that Google repackages and sells. Your eyeballs for its advertisements, your medical history for its healthnet, your behaviors, beliefs, media consumption, and even your loyalty. Google has built its business on selling everything about everyone to everyone else.

I try very hard not to tinfoil hat too much about it…but their reach gets a little wider every month, and I find how much information they have the ability to collect about an individual vaguely creepy. Guess some folks just aren't big on the idea of being packaged and sold.

Profits

One does not need dividends to see an increase in value. The share price alone is all that is required. If I buy in at $50, and the share price is now $51, then shareholder value has increased.

In the olden days, you bought into a company, and the value you extracted was via dividends. In today’s world, dividends are no longer considered "good enough." Now you must have an infinitely increasing, at massive rate-of-return share price, or you are a corporate failure.

On the downside for the business man, this is impossible in the long run.

On the upside for the business man, this doesn't mean you actually have to increase the real-world value of your company. Just lie enough that your share price goes up this quarter.

By having a DNS service they control the internet???

The article mentions three times that this DNS service gives them more control. In what way exactly? You type the name of the site and they return the IP address. They can't really get redirected to another site, right? That's something you'd probably notice ;)

Oh dear..

"Exactly. Their privacy policy very explicitly states what they store."

Sure. And you believe that, of course. Wow. There is not a single shred of doubt in your mind that a policy that's on a web page takes a good 0.2 seconds to be updated with something that's completely different, and I bet you you don't need to sign up to use it, which means you do not actually HAVE a contract with them by which you can enforce a degree of stability to those terms.

Let me give you a nice example. Dig up their privacy policy. Looks good, no? Now find the Google Terms of Service, where Clause 1 overrides everything else they have told you so far, and clause 11 basically says "anything you post with us we can use as we please" (if 11.1 seems like restricting the use you should really read 11.2 properly).

I am astonished as to how far that simple line "do no evil" has allowed Google to invade everyone's privacy unchallenged. And the Swiss get beaten up for asking questions, instead of everyone else asking their so called Data Protection regulators why they let them roam free.

Gave it a try

Giving it a try now (and google wave, on google chrome), seems a bit slow if I'm honest so will probably switch back to my ISP's DNS when I can be bothered. Although google.co.uk loads up fast, and probably doubleclick (though kaspersky blocks the ads anyhow)

Don't let Google fool you...

First, be careful what Google says about what and how they manage collected data. If you don't trust your own government, then why trust Google?

Google doesn't have to do any landing to show value in having their own DNS server farm. They will identify who's making the requests and what they are requesting.

Imagine you like to surf for porn late at night when the kiddies are in bed and the wife's in the other room. (Not that *I'd* do that.) :-)

Now all of a sudden, late at night, even though you're not currently surfing for porn, you'll start to see Victoria Secret Ads on your browser. Fancy that.

The point is that by knowing who you are, what sites you hit, they learn more about your browsing habits beyond the stuff you search for.

Also note that with the use of NoScript and Firefox, one can always turn off the GoogleSyndication and other ad tracking scripts on a page. So they are collecting less data about you than they would like.

Using their DNS? You can't block them from collecting Data.

Google doesn't hire the 'brain trust' because they tend to have morals.

Lots of possibilities

There doesn't have to be just one DNS. We might wish it so, and predict anarchy if not, but if Google (or Bing) owned a goodly proportion of the world's name resolution, they could start selling top-level domains. Or re-assigning Murdoch-esque ones - or just failing to resolve them.

Many DNSs

All the alternative generic DNS offerings so far do is provide an alternative _resolver_ service to the alternatives provided by multiple ISPs. Many small to large organisations and some researchers run their own resolvers too, though having a reliable always on server helps. What none of these alternatives have attempted so far is any redefinition of who runs all the much greater number of DNS _content_ servers or to change top level domains. The root domain (i.e. list of top level domains including .uk and .com and the addresses of authoritative content servers for TLDs) could also have multiple copies - it's a small file and easily obtained, and it changes infrequently. However, with a few exceptions anyone offering an alternative generic DNS resolving to different TLD or other content from everyone else would be abandoned soon by their users.

Having choice between many DNS resolving services is a good thing, because this competition will prevent legitimate offerings from going bad.

A scenario where a complete alternative DNS infrastructure might work would be in respect of a narrow class of security application - e.g. for a grassroots financial network comprising Building Societies, Credit Unions and community currencies. This could use DNSEC from the start, with those wanting their own domains resolved having to provide better credentials in order to get zone signing keys signed than your average blackmailer, 419er, phisher or identity theft artist could arrange. All your non financial applications would continue to use the public DNS through whichever resolver service you prefer and the finance applications you use that don't expose you to private banks or other assorted crooks could be preconfigured to use the non-profit financial community DNS.

Yep Folks it looks like Skynet is upon us

"Google said it is intent on expanding this infrastructure between one million and 10 million servers, encompassing 10 trillion (1013) directories and a quintillion (1018) bytes of storage. All this would be spread across "100s to 1000s" of locations around the world."

Ground up manfrommars

One of our Martians is missing.

Haven't seen hide nor hair of our extra-terrestrial friend since El Reg ran the Hoover over the comments section. Could it be that the in-your-face "Reply" and "Report" icons have overwhelmed his sensory receptors?

faster than instant, saftey from what?

Unfortunately the average consumer who is not at all savvy in the ways of the Internet and data collection tech will. Still who gives a .... isn't that what lambs are for anyway?

As much as I would like to wise up and help my brothers and sisters in the human race, and I do try, I see no problem in allowing the weak to be devoured if being chased by a shark. Perhaps this is the next stage in evolution, those who understand and can counter the threat, imaginary or not, from the likes of Google and governments go on to live relatively free and fruitful lives, while those that don't just think they do. Mind you, belief wears some very strong rose tinted glasses. Think of the children and the next generation, what they have never had they will never miss, they will embrace what we abhor with conviction.

Take that, DNS hijackers

To me, this looks like an attempt to kill off DNS hijacking --- the practice of returning bogus results for unrecognised domains. I can think of three main reasons why Google would want this:

- the bogus results usually assume the user was doing an HTTP request, and attempt to serve up a webpage pointing at some kind of search site that's not Google. By preventing this, Google starve their competitors and at the same time increase the probability that the user will go look up the site on Google;

- DNS hijacking *really is* a horrible security hole; consider someone on Gmail following a spam link to fnord.googlemail.com. The domain's not recognised, so scummy ISP redirects them to a server that masquerades as fnord.googlemail.com --- and the user's web browser happily hands the server the user's login cookie, because fnord.googlemail.com is in the same hierarchy as googlemail.com. Who gets blamed for this? googlemail.com, of course;

- Google want *everyone* to be able to access their services, and so have a vested interest in maintaining web standards; DNS is the engine that makes the web go, and doing stuff as horrible as DNS hijacking is destabilising the entire internet (as this illustrious publication has said, many times).

So I see this as a really good thing. I'm sure they *could* attempt to use their new-found DNS skills to spy on my precious bodily fluids, but really, who cares? I'm more interested in how much the 8.8.8.8 IP address cost them. Lots, I'd imagine.

hmmm

Can't help but wonder if they'll start 404 hijacking once they get a significant part of the whole DNS pie? However, if they actually are honest in their intentions and actions (in this case anyway), then I can only really see good to come from a truly standard, non-hijinx DNS server.

Unlike OpenDNS, for instance.

The tracking possibilities, however, are enormous. Knowing where people go would significantly enhance their advertising targeting, and would also provide huge privacy concerns.

Open DNS

"Can't help but wonder if they'll start 404 hijacking once they get a significant part of the whole DNS pie? However, if they actually are honest in their intentions and actions (in this case anyway), then I can only really see good to come from a truly standard, non-hijinx DNS server.

Unlike OpenDNS, for instance."

NX redirection can be turned off on OpenDNS, if you're a paying customer (about $10 a year). Seems fair enough that they redirect you to an advertising page if you don't pay - how else are they going to make the money to support the service?

GoogleDNS and OpenDNS are two different services really. GoogleDNS is a simple replacement for an ISP's DNS servers, whereas OpenDNS gives you a lot of options (such as blocking certain types of sites and a basic level of typo-correction).

I'd definitely be very wary about using GoogleDNS though. While they haven't really shown themselves to be completely dishonest, it would obviously be of massive benefit to Google to tie your DNS requests with your AdSense data. Then again, how many of us trust Google with their e-mails?

hijacking

Out of the box OpenDNS does redirect NXDOMAIN replies to their search page rather then give the NXDOMAIN response. However if you don't want the typo correction and shortcut services from OpenDNS then you can disable these and get the NXDOMAIN response instead.

What's studiobriefing.net?

Hey guys, so, who can't wait for Google to tell me what does and does NOT exist on the internet? Why of course, Google, you couldn't have shut down studiobriefing.net because it never existed in the first place - at least according to you!

Repeat after me: Too much control in one place. Too much control in one place. Too much control in one place.

People don't seem to realize that dystopia exists NOT because it was forced down our throats but because WE ASKED FOR IT.

Google is evil. Government is evil. It's time we throw our cards in with the less evil of the two to stop the one that is truly venomous. It's just far too bad that Google has Obama's ear - looks like it'll take the Big "G"s that make up the European Union to split Google at the seams.

Step back now and think

Yes, I think Google are great as a search engine. Yes they do some very interesting things with software. Yes, some of their services are good. The world's largest search engine running it's own DNS servers? Hmmm, just a little too uncomfortable with that.

But hey, this is Uncle Google right? Google is everyone's friend, they won't hurt anyone or do any thing nasty!

WAKE UP!

Google are a company, OK? Google are in business to make money! That is all they exist for, to make their owners bucketloads of spondoolics! Nothing more, nothing less! They might do this by making it seem like they are everyone's mate, giving away free software and services, but they still make absolute ****-loads of cash doing it.

Just like these Apple fanbois. Uncle Steve is not Mr Nice, he's a businessman, with a knack for hiring talented designers and marketers, he is not everyone's favourite uncle and best mate, he is a ruthless businessman working in a cutthroat business. Just like Serg and his mate!

You lot do know Google also runs their own PayPal style service too?

They know what you went looking for.

How many places you went looking for it.

How much you paid.

They did the cash transfer to buy it.

They store the details about your online life in their office software.

They know all about your contacts you talk to.

They know who you bought gifts for.

Google probably now knows more about you than your closets friends and partners, scary isn't it?

OpenDNS ads

I can't see any opt out/in in the OpenDNS dashboard. There are definitely ads on the redirect page you get for blocks, however on the redirect page for typo correction it shows a search engine with no overt ads.

They do look to be tracking the clicks on the search engine results though, I have disabled the typo corrections now anyway.

snowcrash

Conjoined or Dust

Google is obviously raising cash for one goal only- to build a separate network and nurture conditions so that when the technology for mind to mind communications is ripe, they will be ready to harvest it. Combine this with the quantum nature of our consciousness (ORCH OR) and the culminating emergent species will leave homo sapiens in the dust. So stop your whining, we are all doomed. It will be Google or someone else but it is inevitable. This isn't Skynet this is GodNet.

They just want more cash

You see. Once people become super rich, they go a little Howard Hughs. The only way to prevent people from stealing from you, is to control everything.

Comcast, Road Runner, and other ISPs have landing pages, where they redirect their users who have mistyped/unresolved URLs. These landing pages contain (surprise!) paid ad's.

So google winds up writing a check to some ISPs every month. Google !hates! writing checks... In google's view, these ISP's are stealing money from them.

Then there are the people who use the address bar as their search engine. When the ISP redirects these people to the ISP's own search engine... They are stealing eyeballs/clicks/market share/more money, from google.

If google allows people to become accustomed to this, it will lead to bigger and bigger checks being sent out. The ISPs could even (gasp!) allow bing/yahoo/etc, to provide the search results.

But if google gets people to use their DNS, they preempt the ISPs cash grab.

What is Google good for?

Every day we hear something about Google this or Google that, Googles taking over this or that, now we've got the GoogleDNS stuff, great :( Not.

Google has done some great things, their maps are awesome, gmail has been my personal mail address since it was by invite only, I like the iGoogle page for quick reference, and their search engine is better than anything else out there (anyone remember WebCrawler?)

But that's as far as my usage goes, I won't rely on them for DNS, I'll stick with my ISP for that, and IF my ISP switches to Google, well, I'll find something better.

We all know that these guys make their money through adverts, simple, and how much better is it if they have the DNS servers tracking IP addresses and frequented IP's? ALL YOUR AD BELONG TO GIS

All anyone has to do is say NO to stuff that can take over lives, i.e. Android, Chrome, ChromeOS, DNS, and all will be right in the world.

What have Google ever done for us?

APART from "Google has done some great things, their maps are awesome, gmail has been my personal mail address since it was by invite only, I like the iGoogle page for quick reference, and their search engine is better than anything else out there (anyone remember WebCrawler?)"

DNS

For the last 10 or so years I have been running my own local recursive DNS server because I do not trust other people to be capable of running a DNS server.

The reasons are:

1) Reliability - You'd think ISPs could run working DNS servers, this is the reason I started running my own initially.

2) Security - There's been numerous DNS cache poisoning exploits over the years, by running my own DNS cache behind a firewall I manage to avoid a lot of them (not all).

3) Hostname filtering - DNS is not the place to do hostname filtering, and recently ISPs in many countries have started implementing block lists at the DNS layer, either at the behest of government or of their own volition.

Google could certainly manage to run a reliable and secure DNS service (certainly better than most cash strapped ISPs). When it comes to hostname filtering they'll probably cave in to governments, they have quite a bad track record on this.

However anyone who's ever run a tcpdump for DNS traffic knows quite how much about your browsing habbits, and even what software you have installed leaks out on to the internet. Google already has enough data about your browsing habbits, why give them even more.

opendns

DDOS attack

Does anyone else see the possibility for some malicious hacker to take down the entire Internet?

Google has those 2 IPs (which are really decent by the way) and let's say in a couple of years 50% of the population are using their resolvers.

If someone DDOS's those IPs, it will kill the Internet for that 50%.

You could say "the people that use those resolvers are going to be in the minority" but 10-15 years ago did you "Google"? I certainly didn't. I do now - a large number of times a day.

You could also say "yeah but behind those 2 IPs there'll be a huge number of servers" - true, but look at Facebook/Twitter - they've probably got somewhere in the region of hundreds of servers, and they managed to get taken down by a DDOS attack not that long ago.

I can also see it being pushed on oblivious people by their ISPs who suddenly realise "hey, we don't need to run our own resolvers now." So for every new customer, they post out a router pre-configured with 8.8.4.4 and 8.8.8.8.

DDOS firewall

Google already have much more traffic and routing capacity than any likely DDOSer can throw at them. True, they might not want the largest likely DDOS to be thrown at the pair of resolver IP addresses directly. But this wouldn't happen. All Google would have to do would be to identify originating abusive addresses and address blocks dynamically and block these from coming into the Google network at their border routers. This would be more generally disruptive for customers of ISPs not implementing RFC2827, but having customer pressure forcing their own ISPs to implement RFC2827 would be a positive outcome.

...Soon to come; the Google ID Card

Just think of the endless possibilities for capturing data and profiling more of the public's habits, interests, health, shopping, house selling, car journeys, email friends, content of your documents, spreadhseets, pictures of your families, mobile phone calls, activites on your Google OS, complete surfing experience from your DNS... why invest in all of these systems when a simple Google ID card for all memebers of planet earth would solve the problem?

The insidiousness of this should begin to alarm governments not just the public. Too much data in the hands of one company, especially as there is no oversight of data usage, is threatening. Perhaps it is time to see if the EU commissioners should be looking at the privicay and intrusion aspects of one company having access to all of this data.

.... however that said, and just to be safe from the storm troopers at midnight, I want to be one of the first to welcome our Googleplex Overlords, declare myself a citizen of the Google republic and shout 'down with privacy, long live the revolution!'

One. twice, three times BS

1. Yes every day I must lose a total of under 500 milliseconds of my life waiting my ISP's DNS server.

2. DNS lookups are typically cached locally on your machine. You would only get any [undefined] 'benefit' of the Google DNS on the first call. Unless you're bouncing around different sites constantly that amounts to less than diddly.

Not before time

I recently spent half a fecking day, struggling to understand some garbage that was returned in a call to a webservice. Had to get on the phone, talk it through with the service provider ... finally it dawned on us ... the URL was mistyped in our db, and instead of getting an error (which the code would have flagged up) my ISPs DNS resolution was "helpfully" returning a page flogging domain names. So no error, the code was trying to parse and HTML page.

sky = more evil?

I've just tried to change the DNS settings on the router supplied by (the otherwise excellent) Sky only to discover that they are preset and cannot be changed. I've rung the Sky helpdesk and they've confirmed it - the DNS servers used by Sky cannot be altered other than by using your own router (which isn't supported....).

You don't have to config DNS through your router

Easiest bypass is to configure all your internal machines to use static IPs in the range supported by the router typically 192.168.1/24 so they don't get DNS addresses through DHCP. Then get them to point to your chosen DNS resolver directly. Even better find an open source firmware compatible with the Murdoch owned router (if there is one) which doesn't brick or disconnect you.

Your requested website will follow shortly...

We could just

It's all in the wording...

Consider the following, from the GoogleDNS privacy policy page:

"We don't correlate or combine your information from these logs with any other log data that Google might have about your use of other services, such as data from Web Search and data from advertising on the Google content network."

Notice the key words "from these logs". Think about that for second. It means that live, "on-the-fly" correlations, or correlations made with the data *outside* the permanent logs, is not denied.

speed?

Surely Gooogle's "speed" argument is completely bogus? I currently have a fault on my broadband (THANK YOU PLUSNET) making everything really, really, really slow, but time for DNS resolution is still negligible.

If you really wanted to speed up browsing, you'd ban Adobe Flash.

I can see where this is going though. The Gooogle Chrome appliance will have the DNS servers hardwired with no option for the user to change them.